Vulnerability identifier: #VU63175

Vulnerability risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33122

CWE-ID: CWE-691

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Rocket Lake Xeon
Hardware solutions / Other hardware appliances
Intel Core Processors with Intel Hybrid Technology
Hardware solutions / Firmware
10th Generation Intel Core Processors
Hardware solutions / Firmware
Intel Pentium Silver N6000 Processors
Hardware solutions / Firmware
Intel Celeron N4000 Processors
Hardware solutions / Firmware
Intel Pentium Silver N5000 Processors
Hardware solutions / Firmware
11th Generation Intel Core Processors
Hardware solutions / Firmware
9th Generation Intel Core Processors
Client/Desktop applications / Web browsers

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient control flow management in the BIOS firmware. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Rocket Lake Xeon: All versions

Intel Core Processors with Intel Hybrid Technology: All versions

10th Generation Intel Core Processors: All versions

Intel Pentium Silver N6000 Processors: All versions

Intel Celeron N4000 Processors: All versions

Intel Pentium Silver N5000 Processors: All versions

9th Generation Intel Core Processors: All versions

11th Generation Intel Core Processors: All versions

---

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.